Triage Squid Events

Security event triage rules determine which events require further follow-up and which events can be archived without further investigation. CCP processes many events every day, so effective triage helps analysts focus on the most important events.

The two components of security event triage are:
  • Determine if the event is an alert.
  • If the event is an alert, assign a score. If the event is not an alert, it is not scored.
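The two-step procedure above, as an added example that is not part of this page or of CCP's own tooling: it parses a few constructed lines in Squid's native access.log layout, decides whether each event is an alert, and scores only the alerts (non-alerts get `None`). The rule set, its weights, and the sample log lines are assumptions chosen to illustrate the mechanism, not CCP's actual triage rules.

```python
import re
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1700000000.123    120 10.0.0.5 TCP_MISS/200 5120 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1700000001.456     80 10.0.0.5 TCP_DENIED/403 3720 CONNECT blocked.example:443 - HIER_NONE/- text/html
1700000002.789    200 10.0.0.9 TCP_MISS/200 904 GET http://example.net/download.exe - HIER_DIRECT/203.0.113.7 application/octet-stream
1700000003.012     60 10.0.0.9 TCP_DENIED/403 3720 GET http://blocked.example/ - HIER_NONE/- text/html
1700000004.345    300 10.0.0.9 TCP_TUNNEL/200 1200 CONNECT 198.51.100.4:8443 - HIER_DIRECT/198.51.100.4 -
"""


@dataclass
class SquidEvent:
    timestamp: float
    client: str
    result_code: str   # Squid result code, e.g. TCP_MISS or TCP_DENIED
    status: int        # HTTP status sent to the client
    method: str
    url: str
    content_type: str


def parse_native_line(line: str) -> SquidEvent:
    """Split one native-format access.log line into the fields triage needs."""
    fields = line.split()
    if len(fields) < 10:
        raise ValueError(f"unexpected field count in line: {line!r}")
    code, status = fields[3].split("/", 1)
    return SquidEvent(
        timestamp=float(fields[0]),
        client=fields[2],
        result_code=code,
        status=int(status),
        method=fields[5],
        url=fields[6],
        content_type=fields[9],
    )


def connect_port(url: str) -> Optional[int]:
    """Port of a CONNECT request target ('host:port'), or None if not that shape."""
    m = re.fullmatch(r"[^:/]+:(\d+)", url)
    return int(m.group(1)) if m else None


# Hypothetical alert rules: (name, predicate, weight). An event is an alert when
# any rule matches; its score is the sum of the weights of the matching rules.
RULES: List[Tuple[str, Callable[[SquidEvent], bool], int]] = [
    ("denied_by_policy", lambda e: e.result_code == "TCP_DENIED", 3),
    ("binary_download", lambda e: e.content_type == "application/octet-stream", 2),
    ("connect_nonstandard_port",
     lambda e: e.method == "CONNECT" and connect_port(e.url) not in (None, 443), 4),
]


def is_alert(event: SquidEvent) -> bool:
    """Step 1: decide whether the event is an alert at all."""
    return any(pred(event) for _, pred, _ in RULES)


def score(event: SquidEvent) -> Optional[int]:
    """Step 2: score alerts only; non-alerts are not scored (None)."""
    if not is_alert(event):
        return None
    return sum(weight for _, pred, weight in RULES if pred(event))


def triage(log_text: str) -> List[Tuple[SquidEvent, Optional[int]]]:
    """Run both triage steps over every non-empty line of a log."""
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_native_line(line)
        results.append((event, score(event)))
    return results


if __name__ == "__main__":
    for event, s in triage(SAMPLE_LOG):
        label = "archive" if s is None else f"alert score={s}"
        print(f"{event.client:10} {event.result_code:11} {event.method:7} {event.url:40} {label}")
```

Events whose score is `None` can be archived; the scored ones are what an analyst would look at first, highest score first.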